Total
11593 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-2421 | 1 Socket | 1 Socket.io-parser | 2024-01-02 | N/A | 9.8 CRITICAL |
| Due to improper type validation in attachment parsing the Socket.io js library, it is possible to overwrite the _placeholder object which allows an attacker to place references to functions at arbitrary places in the resulting query object. | |||||
| CVE-2022-29822 | 1 Feathersjs | 1 Feathers-sequelize | 2024-01-02 | N/A | 9.8 CRITICAL |
| Due to improper parameter filtering in the Feathers js library, which may ultimately lead to SQL injection | |||||
| CVE-2023-48893 | 1 Slims | 1 Senayan Library Management System Bulian | 2023-12-31 | N/A | 8.8 HIGH |
| SLiMS (aka SENAYAN Library Management System) through 9.6.1 allows admin/modules/reporting/customs/staff_act.php SQL Injection via startDate or untilDate. | |||||
| CVE-2023-49752 | 1 Spoonthemes | 1 Adifier | 2023-12-30 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Spoon themes Adifier - Classified Ads WordPress Theme.This issue affects Adifier - Classified Ads WordPress Theme: from n/a before 3.1.4. | |||||
| CVE-2023-49677 | 1 Kashipara | 1 Job Portal | 2023-12-29 | N/A | 9.8 CRITICAL |
| Job Portal v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'cmbQual' parameter of the Employer/InsertJob.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-44481 | 1 Projectworlds | 1 Leave Management System | 2023-12-29 | N/A | 8.8 HIGH |
| Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setearnleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2021-1636 | 1 Microsoft | 1 Sql Server | 2023-12-29 | 6.5 MEDIUM | 8.8 HIGH |
| Microsoft SQL Elevation of Privilege Vulnerability | |||||
| CVE-2023-48327 | 1 Wcvendors | 1 Woocommerce Multi-vendor\, Woocommerce Marketplace\, Product Vendors | 2023-12-29 | N/A | 7.2 HIGH |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WC Vendors WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors.This issue affects WC Vendors – WooCommerce Multi-Vendor, WooCommerce Marketplace, Product Vendors: from n/a through 2.4.7. | |||||
| CVE-2023-44482 | 1 Projectworlds | 1 Leave Management System | 2023-12-29 | N/A | 8.8 HIGH |
| Leave Management System Project v1.0 is vulnerable to multiple Authenticated SQL Injection vulnerabilities. The 'setsickleave' parameter of the admin/setleaves.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-49776 | 1 Dmry | 1 Sayfa Sayac | 2023-12-29 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Hakan Demiray Sayfa Sayac.This issue affects Sayfa Sayac: from n/a through 2.6. | |||||
| CVE-2023-48718 | 1 Phpgurukul | 1 Student Result Management System | 2023-12-29 | N/A | 9.8 CRITICAL |
| Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_students.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48720 | 1 Phpgurukul | 1 Student Result Management System | 2023-12-29 | N/A | 9.8 CRITICAL |
| Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'password' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48722 | 1 Phpgurukul | 1 Student Result Management System | 2023-12-29 | N/A | 9.8 CRITICAL |
| Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_name' parameter of the add_results.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48687 | 1 Projectworlds | 1 Railway Reservation System | 2023-12-29 | N/A | 9.8 CRITICAL |
| Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'from' parameter of the reservation.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48685 | 1 Projectworlds | 1 Railway Reservation System | 2023-12-29 | N/A | 9.8 CRITICAL |
| Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'psd' parameter of the login.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48689 | 1 Projectworlds | 1 Railway Reservation System | 2023-12-29 | N/A | 9.8 CRITICAL |
| Railway Reservation System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'byname' parameter of the train.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-48716 | 1 Projectworlds | 1 Student Result Management System | 2023-12-29 | N/A | 9.8 CRITICAL |
| Student Result Management System v1.0 is vulnerable to multiple Unauthenticated SQL Injection vulnerabilities. The 'class_id' parameter of the add_classes.php resource does not validate the characters received and they are sent unfiltered to the database. | |||||
| CVE-2023-35915 | 1 Automattic | 1 Woopayments | 2023-12-29 | N/A | 9.8 CRITICAL |
| Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo.This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 5.9.0. | |||||
| CVE-2023-51052 | 1 S-cms | 1 S-cms | 2023-12-29 | N/A | 9.8 CRITICAL |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_formauth parameter at /admin/ajax.php. | |||||
| CVE-2023-51051 | 1 S-cms | 1 S-cms | 2023-12-29 | N/A | 9.8 CRITICAL |
| S-CMS v5.0 was discovered to contain a SQL injection vulnerability via the A_textauth parameter at /admin/ajax.php. | |||||